14 DAY TRIAL // After the Leap-A and the Bluetooth worm the current hot topic when it comes to OS X security is the automatic file opening option.
There is an option in Safari and Mail that tells the program to automatically open safe files. The issue is that because of the way OS X handles files and file application associations, one file can be disguised as another, and, thus, Terminal scripts can be made to launch automatically when an archive is downloaded. This could pose a serious threat as it is very easy to disguise a Terminal script as something else altogether.
Apple is developing a patch for the flaw, a company representative told CNET News.com. "We're working on a fix so that this doesn't become something that could affect customers," the representative said, but could not give a delivery date for the update.
In the meantime, anybody can protect themselves by simply deactivating the open safe files option in the Safari and Mail Preferences. To further protect against any sort of social engineering through scripts, renaming the Terminal application found in Applications>Utilities will make it unreachable to malicious scripts. Also, it is recommended that home users not use the Administrator account, rather utilizing a standard account for day-to-day computer work.